CVE-2012-1723: This is a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.

Requirement:

Attacker Machine: Backtrack

Victim Machine: Windows (install JRE un-patched version )

Step1: Launch the Metasploit consoleOpen the Terminal in the Attacker Machine(Backtrack).Type “msfupdate” , this will update the metasploit with latest modules.Now type “msfconsole” to get interaction with the Metasploit framework.